﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.Security;
using System.Data.SqlClient;
public partial class ChangePassword : System.Web.UI.Page
{
    SqlConnection conn;
    SqlCommand cmd;
    protected void Page_Load(object sender, EventArgs e)
    {
        conn = new SqlConnection(System.Web.Configuration.WebConfigurationManager.ConnectionStrings["connstr"].ConnectionString);
        if (!Page.IsPostBack)
        {
            txtUserName.Text = Session["LoggedInUser"].ToString();
            Session.Remove("LoggedInUser");
            try
            {
                conn.Open();
            }
            catch (SqlException ex)
            {
                ltMsg.Text = ex.Message;
            }
        }
    }
    protected void btnChangePassword_Command(object sender, CommandEventArgs e)
    {
        string EncPass = string.Empty;
        if (e.CommandName.Equals("ChangePassword"))
        {
            if (!txtNewPassword.Text.Equals(null))
            {
                EncPass = SSTCryptographer.Encrypt(txtNewPassword.Text, System.Web.Configuration.WebConfigurationManager.AppSettings["KEY"]);
                cmd = new SqlCommand("update HAT_UserAccounts set Password=@NewPassword, ForcePasswordChangedDate=@PassChangedDate, ForcedPasswordChange=@PassChange where UserName=@UserName", conn);
                cmd.Parameters.Add("@NewPassword", System.Data.SqlDbType.VarChar).Value = EncPass;
                cmd.Parameters.Add("@PassChangedDate", System.Data.SqlDbType.DateTime).Value = DateTime.Now;
                cmd.Parameters.Add("@PassChange", System.Data.SqlDbType.Bit).Value = false;
                cmd.Parameters.Add("@UserName", System.Data.SqlDbType.VarChar).Value = txtUserName.Text;
                try
                {
                    conn.Open();
                    cmd.ExecuteNonQuery();
                    FormsAuthentication.RedirectFromLoginPage(txtUserName.Text, true, FormsAuthentication.FormsCookiePath);
                }
                catch (SqlException ex)
                {
                    ltMsg.Text = ex.Message;
                }

            }
        }
    }
}